The Committee on Civil Liberties, Justice and Home Affairs adopted the report by Patryk JAKI (ECR, PL) on the proposal for a regulation of the European Parliament and of the Council amending Regulation (EU) 2018/1727 of the European Parliament and of the Council and Council Decision 2005/671/JHA as regards the digital information exchange in terrorism cases.
The proposal aims to amend the Eurojust Regulation and Council Decision 2005/671/JHA in order to improve information sharing between Member States and Eurojust by defining more clearly the information to be shared.
The current Eurojust Case Management System (CMS) which was established in 2008 is technically outdated and not able to integrate and support the European Judicial Counter-Terrorism Register (CTR) launched in September 2019. This new initiative will legally and technically integrate the CTR in the CMS at Eurojust, in order to enable Eurojust to identify links between parallel cross-border proceedings in terrorism cases and other cases of serious crime and to give feedback to the Member States’ competent authorities.
The committee responsible recommended that the European Parliament's position adopted at first reading under the ordinary legislative procedure should amend the proposal as follows:
National correspondent for Eurojust
Each Member State should designate a competent national authority as a national correspondent for Eurojust on terrorism matters. This correspondent should be empowered to collect this information and to transmit it to Eurojust, in accordance with national criminal procedural law and applicable data protection rules.
Exchange of information on terrorist cases
Members specify that the competent national authorities should inform their national members of any ongoing or closed criminal investigation supervised by the judicial authorities, as well as of prosecutions, court proceedings and court decisions relating to terrorist offences, as soon as the case is referred to the judicial authorities, in accordance with the national criminal law in force.
This obligation would apply to all criminal investigations into terrorist offences, regardless of whether there is a known link to another Member State or third country.
The information transmitted should include operational personal data and non-personal data as listed in Annex III. However, certain personal data should only be included where such data are held by or may be shared with the relevant national authorities under applicable national law and where it is necessary to transmit them to accurately identify.
The competent national authorities should inform their national member without delay and, in any event, no later than 10 working days after the occurrence of the relevant changes in the national proceedings.
The competent national authorities should not be obliged to share information on terrorist offences with Eurojust at the earliest stage where it would jeopardise ongoing investigations or the safety of an individual or where it would be contrary to essential interests of the security of the Member State concerned.
Secure digital communication and information exchange between national competent authorities and Eurojust
According to the proposal, communication between the competent national authorities and Eurojust under the Regulation will be carried out by means of a decentralised IT system, as defined in the Regulation on the digitalisation of judicial cooperation. It is specified that the case management system referred to in this Regulation should be connected to the decentralised computer system.
The competent national authorities should transmit information to Eurojust in a semi-automated way, based on national registers, and in a structured way established by the Commission, in consultation with Eurojust, by means of an implementing act.
Case management system
Where Eurojust has been granted access to data from other EU information systems established under other Union legal acts, it may use the case management system to connect to such systems for the purpose of retrieving and processing information, including personal data, provided that it is necessary for the performance of its tasks.
Retention of data
Eurojust may not retain operational personal data transmitted in accordance with the Regulation beyond five years after the date on which the judicial decision of the last of the Member States involved in the investigation or prosecution has become final, or three years in the event of withdrawal of the indictment, acquittal or a final decision not to prosecute.
Liaison prosecutors
Liaison prosecutors seconded to Eurojust will be given access to the case management system for the purpose of secure data exchange. Eurojust should remain responsible for the processing of personal data by liaison prosecutors.
Annex III
Members provided for (i) adding the following information to the list of information identifying the suspected, accused, convicted or acquitted person: place of residence; business name; legal form; telephone numbers; IP addresses; e-mail addresses; details of bank accounts held with banks or financial institutions, as well as (ii) adding to the list of information relating to the terrorist offence information concerning legal persons involved in the preparation or commission of a terrorist offence.